On Thu, Nov 10, 2011 at 11:16 AM, Nikos Mavrogiannopoulos <[email protected]> wrote:
> On 11/10/2011 07:48 PM, Fabrice Gautier wrote:
>
>> Ahah, so it happens to work on one of my machines, but not on the other two.
>> The machine where it works is a mac running Lion, the other two are
>> macs running SnowLeopard.
>> I'm recompiling gnutls from source on all of them, openssl is also
>> recompiled (either from source or through macports) so I'm guessing
>> that something went wrong while compiling. On some machines, I used the
>> gmp that came with macports, on others I recompiled myself, so who
>> knows where the problem lies...
>> Is there a way to verify a CSR with gnutls's certtool ?
>
> What do you mean verify a CSR? Verify the self signature? That is being
> done automatically when it is signed.

Ah yes, I see that. Openssl has a command to verify without signing.

The reason I'm not using certtool to generate the request is that I already had a script to generate certs using openssl. The only reason I used certtool for the key was that gnutls does not read openssl ec keys (That's the issue I reported a few days ago).

After investigating, it appears that the problem lies in gnutls generating a bad EC key on the BAD system. Both gnutls and openssl (on both GOOD and BAD systems) will happily generate a CSR using that bad key, but both will fail the verification when trying to sign the CSR.

The rest of gnutls on the BAD system seems to work fine, I have been using the BAD system as a server, using keys and certs that were generated on the GOOD system.

At least that's what it looks like so far...

I'm attaching what I think is a BAD key if anybody wants to poke at it.

> regards,
> Nikos
>
ClientKey.ecc.pem
Description: Binary data
_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
